openstack team mailing list archive

Re: Customer Portal Security from Hackers

 

Chris,

Someone will probably denounce this email as heresy for using this analogy,
but so be it.

Try to think of OpenStack as you would a motor vehicle's engine.  It has
many components that all tie together to allow the engine to operate.
Sometimes it has different configurations such as having a turbo charger or
a specific custom intake.

But, by itself OpenStack is just that... an engine.  Think of the OS as
being the frame or chassis of the Car.  Now you have a chassis with an
engine.  Maybe Horizon is the Dashboard.  Awesome.  Now we have most of
what we need to move this vehicle from place to place.

However, there's no seat belts, no windows, no a/c, or stereo, no bumpers,
no brakes, no... etc etc.

OpenStack by itself is just one component of a larger thing, be it an SaaS,
IaaS, whatever... solution.

You need to add the pieces to your cloud vehicle as you build it, or
alternatively buy a cloud vehicle from one of the many fine purveyors of
OpenStack products.

As far as basic security goes...   I put together a basic introduction to
security targeting for OpenStack for ShmooCon earlier this year.  It's
very Folsom specific and very high level.

That's here:  http://www.youtube.com/watch?v=TkFsBvymiNM

Not sure if that is enough. A long time ago I wrote a security primer for
OpenStack, probably around the Cactus release time frame.  I'll try to
write something up for Grizzly if I have time.  It would probably be
helpful to have something like that in Docs.

-Matt




On Mon, May 20, 2013 at 12:54 PM, Chris Bartels <
chris@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> Hi,
>
> I’m interested in learning more about how to implement a customer portal
> for an OpenStack installation, and would like to know specifically about
> how the customer portal is safe from would-be hackers when exposed in the
> wild. I don’t know if there are any additional measures I would have to add
> like perhaps my own login page with its own security to protect the
> management page, or if it comes with its own login system for example.
>
> How can I make the security of my VPS service a selling point when I’m
> using OpenStack for the backend?
>
> Mind you I don’t know anything about OpenStack yet, aside from what I see
> in videos on the OpenStack Foundation YouTube channel, and I haven’t seen
> anything addressing this issue as of yet. I don’t even know if OpenStack
> comes with a customer portal I can deploy or if I have to design one using
> the API.
>
> I hope to have servers arrive this week which I can use to build
> prototypes of my production setup, where I can test hardening
> configurations. But I don’t know where to begin. All I can think of is
> fail2ban, and I don’t think that would apply in this case.
>
> What can people tell me that would help me get a handle on this issue?
>
> Thanks in advance.
>
> -Chris
